Technical Information
- Autorun entry (runs at user logon): [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WindowsSystem' = '%LOCALAPPDATA%\ibreq.exe'
- %HOMEPATH%\pictures\<File name>.jpg
- %LOCALAPPDATA%\ibreq.vbs
- %LOCALAPPDATA%\ibreq.exe
- %LOCALAPPDATA%\ibreq.vbs
- %LOCALAPPDATA%\ibreq.vbs
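- 'be####sta.studio':65000 (host and port contacted; '#' marks characters masked in the published indicator, here and in the address below)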
- http://14#.##.101.183:65000/
- DNS ASK be####sta.studio
- '<SYSTEM32>\wscript.exe' %LOCALAPPDATA%\ibreq.vbs
- '%LOCALAPPDATA%\ibreq.exe'
- '<SYSTEM32>\cmd.exe' /c %HOMEPATH%\Pictures\<File name>.jpg (with hidden window)
- '<SYSTEM32>\cmd.exe' /c %LOCALAPPDATA%\ibreq.exe (with hidden window)
- '<SYSTEM32>\cmd.exe' /c %HOMEPATH%\Pictures\<File name>.jpg
- '<SYSTEM32>\wscript.exe' %LOCALAPPDATA%\ibreq.vbs
- '<SYSTEM32>\cmd.exe' /c %LOCALAPPDATA%\ibreq.exe